Documents provided by former National Security Agency contractor Edward Snowden have revealed that the NSA and its partner, Great Britain's GCHQ, have done a whole lot more than just passively monitor what passes over the Internet. Using their surveillance tools, the intelligence agencies have been able to identify and target individuals at organizations of interest—not just suspected terrorist cells.

The latest target of these "tailored access" efforts to come to light is OPEC, the Organization of Petroleum Exporting Countries. Brazil's Petrobras, Belgium's Belgacom, and many others have been targeted as well, based on documents provided by Snowden. According to a report in Der Spiegel, the NSA and GCHQ have had access to OPEC's internal networks and systems since January of 2008, allowing the NSA to provide intelligence on individual members of OPEC and the countries' negotiations and tactics. As with the GCHQ hack of engineers at Belgian telecom provider Belgacom, the infiltration of OPEC took advantage of partnerships with international telecommunications providers to reroute Internet traffic to and from targeted users within the organization, including Saudi Arabia's OPEC governor, through network equipment controlled by the intelligence agencies. That allowed the NSA and GCHQ to perform "man-in-the-middle" attacks that let them install malware onto the target computers and gain access to OPEC's internal network—even gaining administrative privileges for the network and access to file servers.

The attack, called a "Quantum insert," is just part of an arsenal of network monitoring and attack tools that the NSA and GCHQ have created that have essentially turned the global Internet into a weapons system that can scan for, identify, target, and attack nearly anyone of interest who connects to Internet services across borders.

How to pwn friends and spy on people

Here’s how the NSA and GCHQ go after an organization like OPEC step by step, based on an analysis of the NSA and GCHQ documents exposed by Snowden:

Step 1: Identify. Using the NSA-built packet capture and inspection system called TURMOIL, the agencies filter through Internet traffic at a network choke point looking for specific "fingerprints" in traffic that identify users with the organization being targeted. Data from TURMOIL gets pulled into a number of traffic analysis tools, such as XKeyscore and TRAFFICTHIEF, which do different sorts of packet analysis.

XKeyscore is the NSA's distributed search engine, catching a large chunk of international Internet traffic for analysis. It helps find things deep in the clutter of the Internet that analysts might miss by allowing them to use search terms to find things in both live and cached Internet traffic.

TRAFFICTHIEF, on the other hand, is much more focused. It filters for very "strong" indicators, like known sets of IP addresses, addresses within e-mail traffic, or user names in logins to social networks or other services. It provides less depth of analysis than XKeyscore, but it can handle much larger loads of data because it is more selective about what it processes.

Together, the tools can be used to identify the systems used by an individual or organization, including ranges of addresses that they may use from work or home.

Step 2: Target. Using the profiles built using the surveillance tools, the agencies can then identify potential points of attack. XKeyscore, for example, can be used to search for patterns that identify known security vulnerabilities within a range of addresses. Web visit histories, e-mail traffic, and other data are analyzed looking for the most likely (and least detectable) approach to gain access, and a specific attack plan is crafted, including the identification of where to launch the attack from.

At the NSA, this sort of thing is the work of Tailored Access Operations. In the case of OPEC, the targeting process apparently went on for several years as the NSA sought openings for an attack.

Step 3: Attack. Depending on who the target is, the NSA and GCHQ have a variety of options. The least costly is to use access provided by one of the intelligence agencies' telecommunications "partners" who own network equipment at an exchange or other choke point that the target's Internet traffic passes through. The agency running the attack can use that access to introduce changes to Internet routing tables that detour the targeted individual's traffic. But in some cases, the NSA and GCHQ may have to perform "unilateral" taps on network backbones to gain that level of access—targeting a piece of network hardware to take over or splicing directly into the target's own connection to the Internet.

It's not clear which attack the NSA used to gain access to OPEC's systems, though the GCHQ used a Quantum attack two years later to gain its own very special access to the cartel's network. In the case of the Belgacom hack, the GCHQ used a Quantum insert attack—routing the Web requests for LinkedIn and Slashdot from the engineer being targeted to a server posing as those sites. The NSA has used the same approach to intercept traffic to sites such as Google.

The man-in-the-middle server can present content from the actual sites the target intended to visit, but it can also add content to the traffic, using what's called packet injection—modifying the contents of the data as it passes through—and intercept the user's credentials. And by using a forged certificate, the NSA can intercept encrypted traffic intended for the destination site.
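A forged certificate of the kind described above still passes ordinary validation if it chains to a CA the client trusts, so a client that wants to notice the substitution has to compare the presented keys against ones it already knows. The following is an added example, not code from the article or from any of the documents it cites; the host names and the byte strings standing in for DER-encoded public keys are constructed for illustration.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Return base64(SHA-256(SubjectPublicKeyInfo)), the usual public-key pin form."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def normalize_host(host: str) -> str:
    """Compare host names case-insensitively and ignore a trailing root dot."""
    return host.strip().rstrip(".").lower()


class PinStore:
    """Known-good public-key pins per host, checked in addition to CA validation."""

    def __init__(self):
        self._pins = {}

    def pin(self, host, *spki_ders):
        """Record one or more acceptable keys (current key plus offline backups)."""
        entry = self._pins.setdefault(normalize_host(host), set())
        entry.update(spki_pin(key) for key in spki_ders)

    def check(self, host, chain_spkis, chain_valid):
        """Return a verdict string for the chain a server presented.

        chain_spkis: public keys of every certificate in the presented chain.
        chain_valid: result of the normal CA/path validation done elsewhere.
        """
        if not chain_valid:
            return "reject: chain failed CA validation"
        expected = self._pins.get(normalize_host(host))
        if expected is None:
            return "accept: no pin for host, CA validation only"
        presented = {spki_pin(key) for key in chain_spkis}
        if presented & expected:
            return "accept: pinned key present"
        # The chain validated, yet none of its keys is one we know: this is the
        # signature of a certificate issued for the host by someone else.
        return "reject: valid chain but no pinned key (possible interception)"


# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
SITE_KEY = b"constructed-spki:site-leaf-key"
SITE_BACKUP_KEY = b"constructed-spki:site-backup-key"
SITE_CA_KEY = b"constructed-spki:site-usual-intermediate"
FORGED_KEY = b"constructed-spki:forged-leaf-key"
OTHER_CA_KEY = b"constructed-spki:other-trusted-intermediate"


def demo():
    """Run the store over five constructed connections and return the verdicts."""
    store = PinStore()
    store.pin("portal.example.org", SITE_KEY, SITE_BACKUP_KEY)
    return {
        # The real server: its leaf key is pinned.
        "genuine": store.check("Portal.Example.org.", [SITE_KEY, SITE_CA_KEY], True),
        # Forged certificate issued under a CA the client trusts: validation
        # succeeds, and only the pin comparison catches it.
        "forged": store.check("portal.example.org", [FORGED_KEY, OTHER_CA_KEY], True),
        # Legitimate key rotation to the pre-pinned backup key.
        "rotated": store.check("portal.example.org", [SITE_BACKUP_KEY, SITE_CA_KEY], True),
        # Host with no pin: the client is back to trusting every CA it ships.
        "unpinned": store.check("news.example.net", [FORGED_KEY, OTHER_CA_KEY], True),
        # Untrusted chain: rejected before pins are consulted.
        "self_signed": store.check("portal.example.org", [FORGED_KEY], False),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} {verdict}")
```

The "unpinned" case is the one to watch in practice: without a stored pin, a client has nothing to distinguish the substituted certificate from the real one.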

Once the user has connected to the fake server, the intelligence agencies can use the connection to launch attacks against the target's Web browser to install monitoring software or other malware, using similar techniques to those used by hackers. They can also use credentials exposed via the man-in-the-middle attack to gain access to other accounts owned by the target and to troll through connections in those services that might be potential targets.

Step 4: Exploit. Once the target's computer has been successfully attacked, the effort begins to look much like that of the Chinese cyber warriors' attack of the New York Times or what cybercriminals typically do when they score access to high-value targets. The agencies' hackers work to stealthily expand their level of access, using customized remote administration tools to grab user privileges and gain access to other network resources—mail servers, file servers, and other network systems. They then start to "exfiltrate" data from these systems and deliver them to analysts.

The gift that keeps on giving

The problem with these types of attacks (at least for the NSA and GCHQ) is that up front, they're expensive to conduct. The Quantum attack messes directly with the workings of the Internet, and it requires the cooperation of a telecom company—which undoubtedly comes with a hefty price tag. And the NSA and GCHQ have to spend human, computing, and financial resources to develop the custom attacks (or buy them from hackers), build and monitor the attack packages, and then quickly cover their tracks. The cost elevates rapidly when the NSA or GCHQ has to do the black-bag work of tapping into networks themselves to gain access.

Because of the targeted nature of these attacks, the NSA and GCHQ can likely only manage a fairly limited number of such efforts. But once those efforts are complete, they're the gift that keeps on giving in terms of intelligence data—at least until the operations are exposed. The NSA's monitoring of OPEC likely ended within the last few years as US dependence on Saudi Arabian oil decreased, but there are plenty of other targets that NSA is likely continuing to mine for intelligence information.

Oh, so this is what they were worried about when they gave telecom legal immunity. Because being complicit in corporate espionage doesn't exactly fit with the "just following the law" excuse. (This presuming they are also doing the same for economic and political targets domestically.)

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

The NSA's monitoring of OPEC likely ended within the last few years as US dependence on Saudi Arabian oil decreased, but there are plenty of other targets that NSA is likely continuing to mine for intelligence information.

What's the evidence for saying there's likely a decrease? Even though the US dependence on middle-eastern oil has decreased with natural gas, the tar sands, and offshore-drilling, I can't imagine that the interest in knowing what OPEC is thinking has decreased.

Also, it is interesting to note that these hacks mean that the US federal government (and potentially therefore individuals at NSA acting in a private capacity) have advanced, insider knowledge about the supply and demand of the global oil market.

People have been speculating about tapping Wall Street firms for personal or institutional gain. This case shows that this sort of speculation is reasonable. If you're the one reading the OPEC internal emails, wouldn't you shift around your 401k a little bit (or at least decide to fuel your car on your commute home Friday afternoon instead of Monday morning)?

I'm coming around. At first I thought this whole story was somewhat overblown, and I was baffled that everyone was so surprised that a spy agency with carte blanche was spying with carte blanche. When I read that the techniques used were of the sort generally available to any competent professional, I figured "fair play."

Now it's much clearer that this story is likely to get much worse before it gets any better.

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

You are not concerned that in the process of keeping tabs on other nations they completely destroy the credibility and trustworthiness of the entire telecom/IT industry?

So, the NSA's and GCHQ's efforts have morphed from protecting their respective countries from terrorist attacks to enabling domestic special interests (and likely large campaign donors) by providing intelligence on their competitors' products, stockpiles, negotiation points, and limitations. So, by extension: as dissenters are already considered potential traitors and journalists enablers of terrorists, are competitors of domestic special interests now considered "enemies of the state" and worthy of expensive and tedious monitoring by our security services?

The last time I looked, Petrobras was NOT lining up pressure cooker attacks in our nation's cities.

How, in God's name, are these expensive and resource-intensive spying efforts against our nominal "friends" and/or "allies" to be reconciled with the imagery of a man holding the femoral artery of a Boston Marathon victim to prevent him from bleeding out?

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

You are not concerned that in the process of keeping tabs on other nations they completely destroy the credibility and trustworthiness of the entire telecom/IT industry?

And what about the probability that they'll do the same thing to US targets? They already have the infrastructure in place, and Congress doesn't seem to care what the NSA does.

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

In the long run that mentality damages global US industry.

EG: why would someone who isn't a US citizen do business with US companies if we now know some of those companies roll over like a lap dog whenever the NSA comes snooping?

For that matter, why would a US citizen do business with them, b/c it's a very slippery slope to go "now that you've coughed up info on foreigners, let's see what the locals are up to..."

What kills me about US industry is that if you work for them they can take away your rights (you can get fired for saying certain things, so no 1st amendment rights while working for company XYZ... you can't bring guns on property, so no 2nd amendment rights...) ... and yet these same companies are so willing to violate the rights of customers as they see fit.

Why do we even have a bill of rights when it's meaningless most of the time?

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

In the long run that mentality damages global US industry.

EG: why would someone who isn't a US citizen do business with US companies if we now know some of those companies roll over like a lap dog whenever the NSA comes snooping?

For that matter, why would a US citizen do business with them, b/c it's a very slippery slope to go "now that you've coughed up info on foreigners, let's see what the locals are up to..."

What kills me about US industry is that if you work for them they can take away your rights (you can get fired for saying certain things, so no 1st amendment rights while working for company XYZ... you can't bring guns on property, so no 2nd amendment rights...) ... and yet these same companies are so willing to violate the rights of customers as they see fit.

Why do we even have a bill of rights when it's meaningless most of the time?

The 2nd Amendment doesn't give you the right to carry a gun in MY house, it gives you the right to own a gun. Same pretty much goes for the first. Maybe you need to study up a bit on what that bill of rights is for?

lol...OPEC are terrorists according to the Americans. Next time I see or hear a story about Chinese & Russian hackers infiltrating American "private" companies/organization/cartels/foundations I call it fair game. After all they need to keep tabs on the "Terrorists" on the other side of the globe.

On the one hand OPEC seems to be a pretty legitimate target for NSA surveillance. In addition to the inherent importance of OPEC to the US economy and national security, access to the OPEC systems could provide a route to the computer systems of Iran and Venezuela. However, the disturbing cooperation and complicity of the telecoms is damaging to our entire IT industry and is a large OPSEC liability.

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

You are not concerned that in the process of keeping tabs on other nations they completely destroy the credibility and trustworthiness of the entire telecom/IT industry?

Which is exactly why Snowden's actions were reckless, irresponsible and ultimately more harmful than good. While pursuing ideological purity for a society is all well and good it has to balance with reality and practical considerations. Consequences like these likely never entered Snowden's consciousness.

The consequences are not Snowden's fault. The telecom/IT industry ruined its own credibility when it assisted hackers for money. Keeping it secret forever is not a good strategy for multiple reasons, one of which is that a conspiracy that big will inevitably leak, another is that citizens have a right to know what the government feels they are allowed to do in their name.

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

You are not concerned that in the process of keeping tabs on other nations they completely destroy the credibility and trustworthiness of the entire telecom/IT industry?

Which is exactly why Snowden's actions were reckless, irresponsible and ultimately more harmful than good. While pursuing ideological purity for a society is all well and good it has to balance with reality and practical considerations. Consequences like these likely never entered Snowden's consciousness.

Or NSA just stick to their primary responsibility as a "NATIONAL SECURITY AGENCY" instead of doing economic espionage operations.

The United States as a whole, sure, maybe. But it was never about what the United States as a whole gained - the NSA's resurgence and abuses in the 21st century have, one hundred percent, been about what the few at the top spearheading and running and being complicit with its actions end up gaining. As far as they're concerned, you and I and anyone else that may suffer for their decisions can eat dirt.

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

You are not concerned that in the process of keeping tabs on other nations they completely destroy the credibility and trustworthiness of the entire telecom/IT industry?

Which is exactly why Snowden's actions were reckless, irresponsible and ultimately more harmful than good. While pursuing ideological purity for a society is all well and good it has to balance with reality and practical considerations. Consequences like these likely never entered Snowden's consciousness.

So the fault is not for those who did the wrong doings, they were not reckless or irresponsible, instead the fault is on Snowden, he is the reckless and irresponsible for giving the information of the wrong actions committed by the NSA, Snowden had to have consciousness with the release of information, but not the NSA with the search of personal information of foes, friends, and their own citizens alike, whatever they fancy, because they were pursuing a real balanced, and practical society through searching, controlling and keeping the information of all the world in the process, without any form or shape of control and oversight, by any individual or government, they are above and beyond anything known to man.

Yeah shame on Snowden for pursuing purity and ideals, and high five on NSA for pursuing global information domination, because never in the history of humankind, something bad came out of people or groups of people controlling something without any restraints while veiled in secrecy.

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

You are not concerned that in the process of keeping tabs on other nations they completely destroy the credibility and trustworthiness of the entire telecom/IT industry?

Which is exactly why Snowden's actions were reckless, irresponsible and ultimately more harmful than good. While pursuing ideological purity for a society is all well and good it has to balance with reality and practical considerations. Consequences like these likely never entered Snowden's consciousness.

The consequences are not Snowden's fault. The telecom/IT industry ruined its own credibility when it assisted hackers for money. Keeping it secret forever is not a good strategy for multiple reasons, one of which is that a conspiracy that big will inevitably leak, another is that citizens have a right to know what the government feels they are allowed to do in their name.

The NSA is not an "anti-terror" agency. They have always been a spy agency in charge of collecting "intelligence", not necessarily criminal in nature, that may be useful for the nation's interest in trade, law enforcement, government, diplomatic efforts, etc.

Everybody knew that and has for decades. I'm sure you are not saying it's okay to have sandbagged these interests.

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

You are not concerned that in the process of keeping tabs on other nations they completely destroy the credibility and trustworthiness of the entire telecom/IT industry?

Which is exactly why Snowden's actions were reckless, irresponsible and ultimately more harmful than good. While pursuing ideological purity for a society is all well and good it has to balance with reality and practical considerations. Consequences like these likely never entered Snowden's consciousness.

The consequences are not Snowden's fault. The telecom/IT industry ruined its own credibility when it assisted hackers for money. Keeping it secret forever is not a good strategy for multiple reasons, one of which is that a conspiracy that big will inevitably leak, another is that citizens have a right to know what the government feels they are allowed to do in their name.

The NSA is not an "anti-terror" agency. They have always been a spy agency in charge of collecting "intelligence", not necessarily criminal in nature, that may be useful for the nation's interest in trade, law enforcement, government, diplomatic efforts, etc.

Everybody knew that and has for decades.

So you're saying that performing a MITM attack isn't hacking because it's government approved hacking? I guess that means the US had no room to complain when China got caught hacking US computers.

All I said is the objectively true statement that the telecoms chose to assist with hacking in exchange for money, and that making that choice is likely to cause people to distrust them. Which is a thing that happens when you secretly trade private data for money.

You are not concerned that in the process of keeping tabs on other nations they completely destroy the credibility and trustworthiness of the entire telecom/IT industry?

haha, nope. Really the surprising part is that the telecoms would have to be paid. Looking at my phone bill and thinking of their customer service helplines, I would think they'd jump at the chance to screw people over in new and interesting ways.

lol...OPEC are terrorists according to the Americans. Next time I see or hear a story about Chinese & Russian hackers infiltrating American "private" companies/organization/cartels/foundations I call it fair game. After all they need to keep tabs on the "Terrorists" on the other side of the globe.

Exactly.

Quote:

So, the NSA's and GCHQ's efforts have morphed from protecting their respective countries from terrorist attacks to enabling domestic special interests (and likely large campaign donors) by providing intelligence on their competitors' products, stockpiles, negotiation points, and limitations. So, by extension: as dissenters are already considered potential traitors, journalists enablers of terrorists, are competitors of domestic special interests now considered "enemies of the state" and worthy of expensive and tedious monitoring by our security services?

The last time I looked, Petrobras was NOT lining up pressure cooker attacks in our nation's cities.

How, in God's name, are these expensive and resource-intensive spying efforts against our nominal "friends" and/or "allies" to be reconciled with the imagery of a man holding the femoral artery of a Boston Marathon victim to prevent him from bleeding out?

I don't think they considered OPEC a competitor of domestic interests, especially since the U.S. doesn't produce enough oil to meet its own needs. More likely they saw OPEC as a global price-fixing cartel that controlled a major portion of the world's energy output and could conceivably bring global industry to a stop. Not so much "enemy of the state" as "potential inconvenience."

As such, it doesn't matter that Petrobras isn't planning any major attacks, but nice imagery.

Same deal with the people who helped at the Marathon bombings. I'm pretty sure the government didn't dispatch that guy and tell him to hold that man's arteries. His actions are a reflection on the American people, not the American government.

And thank you for putting the scare quotes around "friends." People have friends, governments don't have friends. All friendships are nominal friendships, based on quid pro quo. The U.S. gets oil from the Saudis and a supportive voice in OPEC, and the Saudis get American support for the royal family. Pure business. America gets to trade with Russia and not be attacked by their massive nuclear arsenal, and Russia instantly lost the "enemy" status they had with half the world when they were the Soviet Union. Also they get to trade with us, stop having as many missiles pointed at them, and aren't going to be attacked with our massive nuclear arsenal. China's the same way, as is pretty much every other country.

I see where you're coming from, but I'm largely ok with most things the NSA does as long as it doesn't violate the rights of American citizens. I always figured this is what the NSA was supposed to be doing; launching large-scale hacking efforts to see what other nations were up to. When you think about it, looking into a resource cartel such as OPEC that's pretty much essential to the global trade isn't such a bad idea.

You are not concerned that in the process of keeping tabs on other nations they completely destroy the credibility and trustworthiness of the entire telecom/IT industry?

Which is exactly why Snowden's actions were reckless, irresponsible and ultimately more harmful than good. While pursuing ideological purity for a society is all well and good it has to balance with reality and practical considerations. Consequences like these likely never entered Snowden's consciousness.

So the fault is not for those who did the wrong doings, they were not reckless or irresponsible, instead the fault is on Snowden, he is the reckless and irresponsible for giving the information of the wrong actions committed by the NSA, Snowden had to have consciousness with the release of information, but not the NSA with the search of personal information of foes, friends, and their own citizens alike, whatever they fancy, because they were pursuing a real balanced, and practical society through searching, controlling and keeping the information of all the world in the process, without any form or shape of control and oversight, by any individual or government, they are above and beyond anything known to man.

Yeah shame on Snowden for pursuing purity and ideals, and high five on NSA for pursuing global information domination, because never in the history of humankind, something bad came out of people or groups of people controlling something without any restraints and veiled in secrecy.

There are interests I'm sure that you care about that were harmed because of Snowden's actions. It would be nice if it's all limited to a discussion about privacy and technology and the Constitution as Snowden intended. But that's not the only consequence of his reckless document dump.

What are the negative effects to the average person? If we're lucky, the NSA gets roped in for the first time in decades, there's a temporary backlash against the US in foreign negotiations, and a few US based companies may lose money when people stop trusting them for turning out to be untrustworthy. What's the harm again?

On the one hand OPEC seems to be a pretty legitimate target for NSA surveillance. In addition to the inherent importance of OPEC to the US economy and national security, access to the OPEC systems could provide a route to the computer systems of Iran and Venezuela. However, the disturbing cooperation and complicity of the telecoms is damaging to our entire IT industry and is a large OPSEC liability.

Also, what the hell's the rationale for going after Belgacom?

The Belgacom IT staff were only an interim target on the way to gaining access to the Global Roaming Exchanges (GRX routers) operated by Belgacom. Having access to these would allow GCHQ (or NSA) to monitor the voice or data transmission of roaming smartphones.

I understand fully why the U.S. or other nations would want to eavesdrop on OPEC conversations, however, as you point out, resorting to industrial espionage damages trust in the telecom industry as well as the nations doing the espionage. Depending on keeping such spying secret these days is a dangerous delusion. Why do nations have to hold on to this antiquated notion that they have to spy on each other rather than negotiate directly from a position of trust? Trust doesn't have to be based simply on naive faith. Transparency and open discussions would be much more productive. Nation states, corporations, and especially intelligence agencies are so addicted to secrecy they cannot think straight.